Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

WEBINAR:On-Demand

A large retail data breach at Saks Fifth Avenue and Lord & Taylor stores was reported on April 1, and the impact is no joke.

More than 5 million payment cards were allegedly stolen in the data breach, according to security firm Gemini Advisory, which first publicly reported the incident. Gemini Advisory became aware of the breach as early as March 28, when a hacker group listed a cache of stolen credit cards for sale in a dark web forum. Analysis of the stolen payment cards by Gemini Advisory in cooperation with several financial institutions identified Saks Fifth Avenue and Lord & Taylor stores as the source for the cards, which has been confirmed by the retail stores' parent company, Hudson's Bay Company (HBC).

"HBC (TSX:HBC) today announced that it has become aware of a data security issue involving customer payment card data at certain Saks Fifth Avenue, Saks OFF 5TH, and Lord & Taylor stores in North America," HBC stated in a press release. "While the investigation is ongoing, there is no indication at this time that this affects the Company's e-commerce or other digital platforms, Hudson's Bay, Home Outfitters, or HBC Europe."

Further reading

Gemini Advisory's analysis estimates that the HBC-owned stores were compromised somewhere around May 2017. In addition, the security firm suspects that 83 Saks Fifth Avenue stores and all Lord & Taylor locations were compromised in the data breach. HBC has not yet publicly confirmed or denied the length of time the Lord & Taylor and Saks retail systems were compromised, or which specific stores were breached.

"We identified the issue, took steps to contain it, and believe it no longer poses a risk to customers shopping at our stores," HBC stated.

While payment card information was stolen and is now being offered for sale by hackers, HBC has stated that Social Security or Social Insurance numbers, driver's license numbers, and payment card PINs were not part of the data breach.

JokerStash

Gemini Advisory has alleged that the cyber-attacker group known as JokerStash is behind the sale of the stolen payment cards. The same group has been linked to multiple retail breaches in recent years, including the breaches of grocery chain Whole Foods and Chipotle restaurants in 2017.

JokerStash has not released its entire cache of payment cards stolen from Saks and Lord & Taylor yet. According to Gemini Advisory, currently only 90,000 Lord & Taylor and 35,000 Saks Fifth Avenue compromised records have been offered for sale to date.

Customer Impact

While attackers potentially can use the stolen payment cards, HBC stated that customers won't be liable for fraudulent charges that come as a result of the data breach.

"Once we have more clarity around the facts, we will notify our customers quickly and will offer those impacted free identity protection services, including credit and web monitoring," HBC stated. "We encourage our customers to review their account statements and contact their card issuers immediately if they identify activity or transactions they do not recognize."

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Advertiser Disclosure:
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.